streaming-patterns

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed stream keys, access tokens, and OBS passwords directly into command strings and HTTP headers (e.g., ffmpeg URLs with YOUR_STREAM_KEY, Authorization: Bearer {access_token}, OBS SetStreamServiceSettings key), which requires the agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill connects to and processes live Twitch chat and Twitch API responses (see "Chat Bot Integration" with twitchio event_message/commands and the TwitchAPI class), which ingest and act on untrusted, user-generated content from public third-party sources.